Help      |      Chebucto Home      |      News      |      Contact Us     

134. Online Security with
EV SSL Certificates

By Andrew D. Wright

It used to be so easy. If you were on a web page and saw the little padlock in the web browser, you were safe on an encrypted web page.

These days, it's not so easy but a new security initiative called EV SSL is trying to improve things. EV stands for Extended Validation and SSL, or Secure Sockets Layer, is the Internet standard way of encrypting data over a network.

On a secure website with a valid EV SSL certificate using a supported web browser the address window will have a green background and say with whom you are connecting securely.

Internet Explorer 7 on Windows Vista supports EV SSL by default. On Windows XP, Internet Explorer 7 supports EV SSL if you either have Automatic Website Checking turned on (under Tools - Phishing Filter) or if you have the "Check for server certificate revocation" checkbox checked under Tools - Internet Options - Advanced - Security.

EV SSL is supported by default in the new Firefox 3 web browser, due out June 17, 2008, and in the new Opera 9.5 web browser, released on June 12, 2008.

This is what the green address bar on an EV SSL website looks like in the (top to bottom) Internet Explorer 7, Firefox 3 and Opera 9.5 web browsers:
(Click for larger version)

[Graphic: EV SSL with Internet Explorer 7]
[Graphic: EV SSL with Mozilla Firefox 3]
[Graphic: EV SSL with Opera 9.5]

To have a secure page, a website has to purchase an SSL certificate from a Certificate Authority (CA). This is a key used to scramble the data sent to and from a web browser. The key is unique to that website so no one else can open the data. To get that key, the website had to prove their identity to the Certificate Authority.

As time went on, more Certificate Authorities were created and some didn't check website credentials very well. So now a regular secure certificate just means that the connection to the website is scrambled but it can be less reliable for verifying the identity of the website.

This is why the EV SSL certificate was created. There are agreed-upon standards for confirming the identity of every EV SSL certificate holder so if EV SSL says that a website belongs to someone, the Certificate Authority has proof to back that up. In other words, not only is the connection scrambled, you can also be confident the website belongs to whom it says it belongs.

Both SSL and EV SSL certificates mean that your data is being sent over the Internet in a way that no one else can intercept and read. By clicking on the padlock icon on your web browser you can check who the secure certificate was issued to and what Certificate Authority issued it.

What these certificates don't do is prove that what is on either end of the secure connection is safe. A Chebucto Community Net volunteer once said that SSL was like someone living in a cardboard box using a well-guarded armored truck to send something to someone else living in a cardboard box. Their point was security is only as good as the weakest link in the chain.

It is a good idea to check the privacy policy of the group you are sending information to and how they handle sensitive information.

On your side of things, your home computer should be free of viruses, trojans, spyware, keyloggers or other malware. It should be up-to-date with any Operating System updates and should have anti-virus and anti-malware protection.

Users running Windows computers who want to be extra careful may want to get an Ubuntu Linux CD and boot their computer up with it to do any online transactions. This would be protection against everything except a hardware key-logging device physically attached to the computer.


Check if your browser supports EV SSL here (Internet Explorer 7, Firefox 3, Opera 9.5):


Ubuntu boot CD (free):


The Mousepad runs every two weeks. It's a service of Chebucto Community Net, a community-owned Internet provider. If you have a question about computing, email or click here. If we use your question in a column, we'll send you a free mousepad.


The Mousepad Index


Originally published 13 June 2008


Our community is online here!


This column is provided as a community service by